A transition in cryptographic technologies is underway. New algorithms for encryption, authentication, digital signatures, and key exchange are needed to meet escalating security and performance requirements. Many of the algorithms that are in extensive use today cannot scale well to meet these needs. RSA signatures and DH key exchange are increasingly inefficient as security levels rise, and CBC encryption performs poorly at high data rates. An encryption system such as an IPsec Virtual Private Network uses many different component algorithms, and the level of security that it provides is limited by the lowest security level of each of those components. What we need is a complete algorithm suite in which each component provides a consistently high level of security and can scale well to high throughput and high numbers of connections. The next generation of encryption technologies meets this need by using Elliptic Curve Cryptography (ECC) to replace RSA and DH, and using Galois/Counter Mode (GCM) of the Advanced Encryption Standard (AES) block cipher for high-speed authenticated encryption. More on these algorithms below, but first, some good news: the new ISR Integrated Services Module brings these next-generation encryption (NGE) technologies to IPsec Virtual Private Networks, providing a security level of 128 bits or more. These technologies are future proof: the use of NGE enables a system to meet the security requirements of the next decade, and to interoperate with future products that leverage NGE to meet scalability requirements. NGE is based on IETF standards, and meets the government requirements for cryptography stipulated in FIPS-140.

NGE uses new crypto algorithms because they will scale better going forward. This is analogous to the way that jets replaced propeller planes; incremental improvements in propeller-driven aircraft are always possible, but it was necessary to adopt turbojets to achieve significant advances in speed and efficiency.

The community that needs a new technology most leads its adoption. For instance, the transition from propellers to jet engines happened for military applications before jets were adopted for commercial use. Similarly, governments are leading the transition to next generation encryption. The U.S. government selected and recommended a set of cryptographic standards, called Suite B because it provides a complete suite of algorithms that are designed to meet future security needs. Suite B has been approved for protecting classified information at both the SECRET and TOP SECRET levels. Suite B sets a good direction for the future of network security, and the Suite B algorithms have been incorporated into many standards. (Cisco supported the development of some of these standards, including GCM authenticated encryption and implementation methods for ECC.) NGE uses the Suite B algorithms for two different reasons. First, it enables government customers to conform to the Suite B requirements. Second, Suite B offers the best technologies for future-proof cryptography, and is setting the trend for the industry. These are the best standards that one can implement today if the goal is to meet the security and scalability requirements ten years hence, or to interoperate with the crypto that will be deployed in that timescale.

A network encryption system must meet the networks requirements for high throughput, high numbers of connections, and low latency, while providing protection against sophisticated attacks. Cryptographic algorithms and key sizes are designed to make it economically infeasible for an attacker to break a cryptosystem. In principle, all algorithms are vulnerable to an exhaustive key search. In practice, this vulnerability holds only if an attacker can afford enough computing power to try every possible key. Encryption systems are designed to make exhaustive search too costly for an attacker, while also keeping down the cost of encryption. The same is true for all of the cryptographic components that are used to secure communications digital signatures, key establishment, and cryptographic hashing are all engineered so that attackers cant afford the computing resources that would be needed to break the system.

Every year, advances in computing lower the cost of processing and storage. These advances in computing accrue over the years and make it imperative to periodically move to larger key sizes. Because of Moores law, and a similar empirical law for storage costs, symmetric cryptographic keys need to grow by a bit every 18 months. In order for an encryption system to have a useful shelf life, and be able to securely interoperate with other devices throughout its operational lifespan, it should provide security ten or more years into the future. The use of good cryptography is more important now than ever before, due to the threat of well-funded and knowledgeable attackers.

A complete crypto suite includes algorithms for authenticated encryption, digital signatures, key establishment, cryptographic hashing. I touch on each of these below, to explain the need for technology changes. The Rivest-Shamir-Adleman (RSA) algorithms for encryption and digital signatures are less efficient at higher security levels, as is the integer-based Diffie-Hellman (DH). In technical terms, there are sub-exponential attacks that can be used against these algorithms, and thus their key sizes must be substantially increased to compensate for this fact. In practice, this means that RSA and DH are becoming less efficient every year.

Elliptic Curve Cryptography (ECC) replaces RSA signatures with the ECDSA algorithm, and replaces the DH key exchange with ECDH. ECDSA is an elliptic curve variant of the DSA algorithm, which has been a standard since 1994. ECDH is an elliptic curve variant of the classic Diffie-Hellman key exchange. DH and DSA are both based on the mathematical group of integers modulo a large prime number. The ECC variants replace that group with a different mathematical group that is defined by an elliptic curve. The advantage of ECC is that there are no sub-exponential attacks that work against ECC, which means that ECC can provide higher security at lower computational cost. The efficiency gain is especially pronounced as one turns the security knob up.

The AES block cipher is widely used today; it is efficient and provides a good security level. However, the Cipher Block Chaining (CBC) mode of operation for AES, which is commonly used for encryption, contains serialized operations that make it impossible to pipeline. Additionally, it does not provide authentication, and thus the data encrypted by CBC must also be authenticated using a message authentication code like HMAC. NGE improves on the combination of CBC and HMAC by using AES in the Galois/Counter Mode (GCM) of operation.

Fifteen years ago, it was considered a truism that encryption could not keep up with the fastest networks. Ten years ago, it was realized that the counter mode of operation (CTR) could keep up, but that did not resolve the need for data authentication. GCM solves this problem by incorporating an efficient authentication method, based on arithmetic over finite fields. GCM is an authenticated encryption algorithm; it provides both confidentiality and authenticity. Combing both these security services into a single algorithm improves both security and performance. (For instance, it prevents subtle attacks that exploit unauthenticated encryption, such as the recent BEAST attack against the TLS/SSL protocol and similar attacks.) AES-GCM is efficient even at very high data rates, because its design enables the use of full data pipelines and parallelism. Its efficiency is showcased by its use in the IEEE MACsec protocol, where it has kept up with 802.1 data rates of 10, 40, and even 100 gigabits per second without adding significant latency.

NGE follows Suite B and uses the SHA-2 family of hash functions. These functions replace the ubiquitous SHA-1 hash with SHA-256, SHA-384, and SHA-512. SHA-1 only targets an 80-bit security level, and has been shown to not meet that goal. If you are still using SHA-1, you should transition to SHA-256, which provides a 128-bit security level.

For more information about Ciscos offering for faster next-generation encryption, see the Cisco VPN Internal Service Module for the ISR G2 page.

Share:

Originally posted here:

Next Generation Encryption – blogs.cisco.com

- encryption - How secure is AES-256? - Cryptography Stack ... - June 2nd, 2019
- The World's Email Encryption Software Relies on One Guy, Who ... - May 5th, 2019
- Encryption breakthrough could keep prying eyes away from your ... - May 5th, 2019
- What Is Data Encryption? Definition, Best Practices & More ... - May 1st, 2019
- IronClad Encryption Partners with Data443 Risk Mitigation ... - April 30th, 2019
- What Is Encryption? An Overview of Modern Encryption ... - April 30th, 2019
- Symmetric vs. Asymmetric Encryption What are differences? - April 29th, 2019
- Difference Between Hashing and Encryption - ssl2buy.com - April 29th, 2019
- What is Advanced Encryption Standard (AES)? - Definition ... - April 29th, 2019
- How to Encrypt Your Wireless Network - Lifewire - April 29th, 2019
- After Paris, Encryption Will Be a Key Issue in the 2016 ... - April 22nd, 2019
- Email encryption - Wikipedia - April 8th, 2019
- What is Encryption, and Why Are People Afraid of It? - April 8th, 2019
- Data encryption | cryptology | Britannica.com - April 8th, 2019
- How to Enable Full-Disk Encryption on Windows 10 - April 1st, 2019
- After Paris, Encryption Will Be a Key Issue in the 2016 Race - March 27th, 2019
- Does Encryption Really Help ISIS? Heres What You Need to ... - March 27th, 2019
- AES and RSA Encryption Explained - March 27th, 2019
- Encryption: What it is and why its important - Norton - March 23rd, 2019
- Email encryption in transit - Gmail Help - March 21st, 2019
- Authenticated encryption - Wikipedia - March 19th, 2019
- Email Encryption Options for MDaemon Email Server - March 14th, 2019
- How to Encrypt Files on Windows - Tutorial - Toms Guide - March 6th, 2019
- Encryption, Key Management - bank information security - March 5th, 2019
- Which Types of Encryption are Most Secure? - February 7th, 2019
- JSON Object Signing and Encryption (JOSE) - February 4th, 2019
- What Is Encryption, and How Does It Work? - January 26th, 2019
- The Pitfalls of Facebook Merging Messenger, Instagram, and ... - January 26th, 2019
- Encryption: Avoiding the Pitfalls That Can Lead to Breaches - January 14th, 2019
- Encryption | Information Technology Services - December 31st, 2018
- Encryption - Investopedia - December 16th, 2018
- How to Protect Data at Rest with Amazon EC2 Instance Store ... - December 9th, 2018
- 3 Different Data Encryption Methods - DataShield blog - November 22nd, 2018
- Security and encryption | Documentation | Turtl - November 18th, 2018
- Encryption | General Data Protection Regulation (GDPR) - November 16th, 2018
- Using Encryption and Authentication Correctly (for PHP ... - November 13th, 2018
- Encryption | SANS Security Awareness - November 9th, 2018
- Types of Encryption | Office of Information Technology - November 5th, 2018
- Use Your own Encryption Keys with S3s Server-Side ... - October 29th, 2018
- What is Tokenization vs Encryption - Benefits & Uses Cases ... - October 12th, 2018
- Device Encryption | it.ucsf.edu - October 12th, 2018
- 5 Common Encryption Algorithms and the Unbreakables of the Future - September 15th, 2018
- Top 5 best encryption software tools of 2018 | TechRadar - August 26th, 2018
- New EBS Encryption for Additional Data Protection | AWS ... - August 22nd, 2018
- Best Encryption Software 2018 - Encrypt Files on Windows PCs - August 20th, 2018
- Download BestCrypt Volume Encryption 3.78.05 / 4.01.09 Beta - July 26th, 2018
- End-to-end encryption - Wikipedia - July 24th, 2018
- Download Symantec Encryption Desktop 10.4.0 Build 1100 - July 15th, 2018
- HTTPS - Wikipedia - July 10th, 2018
- AES encryption - June 20th, 2018
- Encrypt email messages - Outlook - June 20th, 2018
- Download Sophos Free Encryption 2.40.1.11 - softpedia.com - June 19th, 2018
- Does Skype use encryption? | Skype Support - June 16th, 2018
- Encryption- Computer & Information Security - Information ... - May 25th, 2018
- Enable BitLocker on USB Flash Drives to Protect Data - May 25th, 2018
- Transparent Data Encryption (TDE) - msdn.microsoft.com - April 12th, 2018
- Encryption Software Market - Global Forecast to 2022 - March 24th, 2018
- What AES Encryption Is And How It's Used To Secure File Transfers - March 24th, 2018
- Encryption vs. Cryptography - What is the Difference? - March 24th, 2018
- Energy-efficient encryption for the internet of things | MIT News - February 16th, 2018
- The Best Encryption Software - TopTenReviews - February 16th, 2018
- File-Based Encryption | Android Open Source Project - February 7th, 2018
- Beyond Encryption | Secure Enterprise email using existing ... - February 1st, 2018
- Azure Search enterprise security: Data encryption and user ... - January 26th, 2018
- Skype finally getting end-to-end encryption | Ars Technica - January 13th, 2018
- FBI chief says phone encryption is a 'major public safety issue' - January 13th, 2018
- Encryption and Export Administration Regulations (EAR) - December 27th, 2017
- Key (cryptography) - Wikipedia - December 21st, 2017
- security - Fundamental difference between Hashing and ... - December 15th, 2017
- What Is Encryption? | Surveillance Self-Defense - December 4th, 2017
- Comodo Disk Encryption Download - softpedia.com - December 1st, 2017
- Encryption - Simple English Wikipedia, the free encyclopedia - November 24th, 2017
- BitLocker Drive Encryption Overview - technet.microsoft.com - November 23rd, 2017
- The Encrypting File System - technet.microsoft.com - November 18th, 2017
- FBI cant break the encryption on Texas shooters smartphone - November 13th, 2017
- DOJ: Strong encryption that we dont have access to is ... - November 13th, 2017
- DOJ Fires Up New War With Apple Over Encryption - November 12th, 2017
- Security Awareness - Encryption | Office of Information ... - October 15th, 2017
- Data Encryption and Decryption (Windows) - October 14th, 2017
- Trumps DOJ tries to rebrand weakened encryption as responsible ... - October 11th, 2017

## Recent Comments